Skip navigation to content

Information management principles

Business principles

Primacy of principles
Summary: All parts of the University must abide by the principles.
Rationale: The only way to provide consistent and quality information.
Implications: Developments / changes will be evaluated against this principle.
Maximise the benefit to the University
Summary: Processes and systems must maximise the benefit to the University as a whole. Corporate requirements drive IT strategy.
Rationale: Recognition of the needs of the University above individual departments.
  • Change in working practices.
  • Possibly conceding own preferences. Development work is within the "plan".
  • A forum must exist to take these decisions, i.e. is this work in the "plan" or not?
Business must continue
Summary: Key central operations are maintained in spite of system interruptions.
Rationale: We have huge dependence on systems to carry out the University business. Alternative operation must be possible.
  • Management of the risks of business interruption.
  • Recovery and business continuity must be addressed.
Common use applications
Summary: Exploiting the functionality of one system is preferable to developing separate systems.
Rationale: This way duplication (of data and effort) lies.
  • Data needs to be standardised and understood. [Data Catalogue - see below.]
  • Default position is that central systems should be used in preference to local systems.
Information management is everyone's business
Summary: All parts of the University participate in decisions about information management required to deliver business objectives.
Rationale: Major IT projects, other than those that are purely infrastructural, should be led by the business process owner, e.g. Unit or School or PO, not the IT department.
  • Acceptance of responsibility.
  • Commitment of resources.
  • Clearly defined owners of business processes.
  • Clearly defined, communicated and enforced policies relating to information management.

Data principles

Data as asset
Summary: Data is a university asset and must be managed accordingly.
Rationale: Accurate, timely data assists accurate, timely decision making.
  • Staff must accept responsibility for their data. Data checking procedures should be adopted. Responsibility for data "trusteeship" must be set at the highest level.
  • A forum with comprehensive University-wide representation should decide on process changes suggested by the trustee.
  • Significant cultural change.
Data is shared
Summary: Users must have acceptable, justifiable and protected access to the data needed.
  • Quality and efficiency in data access and use.
  • "Shared" from a single source not many sources.
  • Expanded use of data warehouse.
  • To assert common standards and definitions [single source].
  • Documentation of data warehouse [data catalogue] so that users know and understand what is available; must be easily maintained by data trustees [not IT].
  • Policies and procedures for data security and access.
  • Interoperability requirements going forward so that new data fits in, i.e. we can get data out and put data in.
Data is accessible
Summary: Data is useless unless it is accessible where and when needed.
  • Efficiency, effectiveness in processes and decision making.
  • Lack of easy access to information creates additional work in discovery and aggregation.
  • Common web-enabled BI / Reporting tool.
  • Data catalogue [see above].
  • Security of activity on the data is required - read / write etc.
  • Electronic records management and retention policies, procedures and systems need to be defined and implemented.
Data trustee
Summary: This is the person responsible for data quality in the central units.
Rationale: Users of the data must trust that the central data is complete, correct, up to date and suitable for their needs.
  • Need to understand the data sources and changing requirements of users / customers of the data.
  • Captured once and validated as close to source as possible [cut out form-filling / rekeying].
  • Trustee must be able to generate confidence in the data
Data security
Summary: Data must be protected from unauthorised exposure and use.
Rationale: Legal and reputational imperatives.
  • Data shared between systems may be subject to differing security arrangements within applications so security needs to be thought about at item level.
  • These concerns need to be addressed at the very beginning of a development.
  • Data access from outside institution on non University hardware needs to be secure.
Common vocabulary
Summary: Data defined once and definition is understandable.
Rationale: Common vocabulary assists communication and assists in data integration / exchange.
  • Many people need to understand this not just the chosen few. Parochial definitions must be substituted by enterprise definitions.
  • Make use of industry [community] standard definitions e.g. HESA, JISC, MIAP, ISO etc.


IT Services

Butts Wynd Building
Butts Wynd
St Andrews
KY16 9AL
Scotland, United Kingdom

Tel: +44 (1334) 463333